Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
819c6a77 by security tracker role at 2023-12-16T08:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2023-6849 (A vulnerability was found in kalcaddle kodbox up to 1.48. It 
has been  ...)
+       TODO: check
+CVE-2023-6848 (A vulnerability was found in kalcaddle kodbox up to 1.48. It 
has been  ...)
+       TODO: check
+CVE-2023-50728 (octokit/webhooks is a GitHub webhook events toolset for 
Node.js. Start ...)
+       TODO: check
+CVE-2023-50469 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 
was discov ...)
+       TODO: check
+CVE-2023-50266 (Bazarr manages and downloads subtitles. In version 1.2.4, the 
proxy me ...)
+       TODO: check
+CVE-2023-50265 (Bazarr manages and downloads subtitles. Prior to 1.3.1, the 
/api/swagg ...)
+       TODO: check
+CVE-2023-50264 (Bazarr manages and downloads subtitles. Prior to 1.3.1, Bazarr 
contain ...)
+       TODO: check
+CVE-2023-4020 (An unvalidated input in a library function responsible for 
communicati ...)
+       TODO: check
+CVE-2023-39340 (A vulnerability exists on all versions of Ivanti Connect 
Secure below  ...)
+       TODO: check
+CVE-2023-31813
+       REJECTED
 CVE-2023-6839 (Due to improper error handling, a REST API resource could 
expose a ser ...)
        NOT-FOR-US: WSO2
 CVE-2023-6838 (Reflected XSS vulnerability can be exploited by tampering a 
request pa ...)
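Review bot: the nine new descriptions at the top of data/CVE/list carry only `TODO: check`, so none of them has a disposition yet; each still has to be resolved to a package line or a `NOT-FOR-US:` marker, as the entries right below already are (CVE-2023-6839, `NOT-FOR-US: WSO2`). The three Bazarr entries (CVE-2023-50264, CVE-2023-50265, CVE-2023-50266) and the two kodbox entries (CVE-2023-6848, CVE-2023-6849) each describe a single product and are best triaged together so they end up with the same disposition. CVE-2023-31813 is `REJECTED` and needs nothing further.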
@@ -2329,6 +2349,7 @@ CVE-2023-48123 (An issue in Netgate pfSense Plus 
v.23.05.1 and before and pfSens
 CVE-2023-46773 (Permission management vulnerability in the PMS module. 
Successful expl ...)
        NOT-FOR-US: Huawei
 CVE-2023-46751 (An issue was discovered in the function 
gdev_prn_open_printer_seekable ...)
+       {DSA-5578-1}
        - ghostscript 10.02.1~dfsg-1
        [bullseye] - ghostscript <not-affected> (Vulnerable code introduced 
later)
        [buster] - ghostscript <not-affected> (Vulnerable code introduced later)
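Review bot: the `{DSA-5578-1}` reference added to CVE-2023-46751 has no matching release-specific fixed version in the visible entry. The lines after it give the untagged `- ghostscript 10.02.1~dfsg-1` fix and mark `[bullseye]` and `[buster]` as `<not-affected>`, so the release the DSA actually covers is not recorded here. Confirm that the fixed version for that release is picked up from the DSA data, or add the corresponding `[release] - ghostscript <version>` line.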
@@ -42861,8 +42882,8 @@ CVE-2023-28024
        RESERVED
 CVE-2023-28023 (A cross site request forgery vulnerability in the BigFix WebUI 
Softwar ...)
        NOT-FOR-US: HCL
-CVE-2023-28022
-       RESERVED
+CVE-2023-28022 (HCL Connections is vulnerable to an information disclosure 
vulnerabili ...)
+       TODO: check
 CVE-2023-28021 (The BigFix WebUI uses weak cipher suites.)
        NOT-FOR-US: HCL
 CVE-2023-28020 (URL redirection in Login page in HCL BigFix WebUI allows 
malicious use ...)
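Review bot: CVE-2023-28022 moves from `RESERVED` to a description of HCL Connections but is left at `TODO: check`, while both neighbours in this hunk (CVE-2023-28023 and CVE-2023-28021) are already `NOT-FOR-US: HCL`. If HCL Connections is not packaged either, replace the TODO with `NOT-FOR-US: HCL` so the vendor block stays consistent.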
@@ -45049,8 +45070,8 @@ CVE-2023-27319
        RESERVED
 CVE-2023-27318
        RESERVED
-CVE-2023-27317
-       RESERVED
+CVE-2023-27317 (ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are 
susceptible to a ...)
+       TODO: check
 CVE-2023-27316 (SnapCenter versions 4.8 through 4.9 are susceptible to a  
vulnerabilit ...)
        NOT-FOR-US: NetApp
 CVE-2023-27315 (SnapGathers versions prior to 4.9 are susceptible to a 
vulnerability   ...)
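Review bot: CVE-2023-27317 now describes ONTAP 9 and is left at `TODO: check`, directly above CVE-2023-27316, which is `NOT-FOR-US: NetApp`. ONTAP is a NetApp product as well, so after confirming it is not packaged the same `NOT-FOR-US: NetApp` marker applies.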
@@ -133132,8 +133153,8 @@ CVE-2022-24353 (This vulnerability allows 
network-adjacent attackers to execute
        NOT-FOR-US: TP-Link
 CVE-2022-24352 (This vulnerability allows network-adjacent attackers to 
execute arbitr ...)
        NOT-FOR-US: TP-Link
-CVE-2022-24351
-       RESERVED
+CVE-2022-24351 (TOCTOU race-condition vulnerability in Insyde InsydeH2O with 
Kernel 5. ...)
+       TODO: check
 CVE-2022-24350 (An issue was discovered in IhisiSmm in Insyde InsydeH2O with 
kernel 5. ...)
        NOT-FOR-US: Insyde
 CVE-2022-24349 (An authenticated user can create a link with reflected XSS 
payload for ...)
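Review bot: CVE-2022-24351 gains an Insyde InsydeH2O description with `TODO: check`, while the next entry, CVE-2022-24350, covers the same firmware and is already `NOT-FOR-US: Insyde`. Unless the triage finds a reason to differ, the new entry should take the same `NOT-FOR-US: Insyde` marker.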
@@ -154033,14 +154054,14 @@ CVE-2021-42799
        RESERVED
 CVE-2021-42798
        RESERVED
-CVE-2021-42797
-       RESERVED
-CVE-2021-42796
-       RESERVED
+CVE-2021-42797 (Path traversal vulnerability in AVEVA Edge (formerly InduSoft 
Web Stud ...)
+       TODO: check
+CVE-2021-42796 (An issue was discovered in ExecuteCommand() in AVEVA Edge 
(formerly In ...)
+       TODO: check
 CVE-2021-42795
        RESERVED
-CVE-2021-42794
-       RESERVED
+CVE-2021-42794 (An issue was discovered in AVEVA Edge (formerly InduSoft Web 
Studio) v ...)
+       TODO: check
 CVE-2021-42793
        REJECTED
 CVE-2021-42792
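Review bot: CVE-2021-42797, CVE-2021-42796 and CVE-2021-42794 all describe AVEVA Edge (formerly InduSoft Web Studio) and each is left at `TODO: check`; no entry in this hunk sets a precedent for that product. Decide the disposition once and apply it to all three in the same follow-up commit, so the group does not end up with mixed markers.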
@@ -249269,12 +249290,12 @@ CVE-2020-17487 (radare2 4.5.0 misparses signature 
information in PE files, causi
        NOTE: https://github.com/radareorg/radare2/issues/17431
 CVE-2020-17486
        RESERVED
-CVE-2020-17485
-       RESERVED
-CVE-2020-17484
-       RESERVED
-CVE-2020-17483
-       RESERVED
+CVE-2020-17485 (A Remote Code Execution vulnerability exist in Uffizio's GPS 
Tracker a ...)
+       TODO: check
+CVE-2020-17484 (An Open Redirection vulnerability exists in Uffizio's GPS 
Tracker all  ...)
+       TODO: check
+CVE-2020-17483 (An improper access control vulnerability exists in Uffizio's 
GPS Track ...)
+       TODO: check
 CVE-2020-17482 (An issue has been found in PowerDNS Authoritative Server 
before 4.3.1  ...)
        - pdns 4.3.1-1 (bug #970737)
        [buster] - pdns 4.1.6-3+deb10u1
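Review bot: CVE-2020-17485, CVE-2020-17484 and CVE-2020-17483 replace `RESERVED` with descriptions of Uffizio's GPS Tracker, all at `TODO: check`. They sit directly above CVE-2020-17482, which is a tracked package entry (`pdns`), so the follow-up triage should make explicit whether these three are `NOT-FOR-US:` or belong to a package, and give all three the same marker.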



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/819c6a77ba94854c3865643d22f7b14751521fab



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
